​The WannaCry ransomware spread across the world in a short period of time and affected 100,000computers across 99 countries in the first 24 hours of attack. It successfully breached into some the UK’s largest hospitals, healthcare providers, Russian government agencies and multi-billion dollar corporations. Yet, the masterminds behind the WannaCry ransomware attack have only profited $26,000 from the attack to date.

On May 13, award-winning and best selling cyber security author and journalist Brian Krebs revealed in his blog KrebsonSecurity that the distributors of the WannaCry ransomware have only earned $26,000 worth of bitcoin so far.

The total ransom payments received by the WannaCry distributors were significantly smaller than what analysts and experts expected, primarily due to the sheer magnitude of the attack. For each computer the WannaCry ransomware successfully encrypted, the malware demanded $300 in bitcoin. Considering that around 1,00,000 computers were affected by the ransomwareattack, the distributors could have potentially earned upwards to $30 million from the global attack. Yet, according to Krebs, the developers of WannaCry have only earned $26,000 from the largest ransomware attack in history.

Companies including Elliptic and Redsocks were able to trace the ransomware payments to the actual bitcoin addresses of the WannaCry ransomware distributors using the three bitcoin addresseshard-coded onto the malware. Using those addresses as basis, Elliptic also implemented a bitcoin transaction untangling tool to trace other potential payments that were initiated by the three hard-coded bitcoin addresses.

Relative to the impact the WannaCry ransomware had on the global economy and the financial damages corporations had to endure due to the attack, the reward for the ransomware distributors was significantly small. Hence, the distributors of the ransomware most likely did not foresee a $26,000 revenue.

Although most major UK newspapers and mainstream media outlets featured more “How to Buy Bitcoin” articles on their front page than ever before, the lack of knowledge toward bitcoin of the general population likely led to an underwhelming amount of bitcoin ransom payments.

“However, I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward. It’s particularly galling because this attack potentially endangered the lives of many. At least 16 hospitals in the United Kingdom were diverting patients and rescheduling procedures on Friday thanks to the Wana outbreak, meaning the attack may well have hurt people physically”

Law enforcement agencies including the FBI also previously warned victims not to pay the ransom when encrypted because there exists no guarantee that the distributors will provide decryption keys for the disabled files. Such warnings from law enforcement agencies may also have convinced victims not to pay the ransom when affected.

“The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom. Paying a ransom emboldens the adversary to target other victims for profit, and could provide incentive for other criminals to engage in similar illicit activities for financial gain,” the FBIsaid.

Author : Joseph Young

Joseph Young is a finance and tech journalist based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering exclusive content, interviews, insights and analysis of cryptocurrencies, innovative and futuristic technologies.